An anonymous reader writes:
IBM X-Force’s Application Security Research Team has devised a logical attack that allows a malicious user to intrude into user accounts on a relying website — a website that relies on authentication assertions passed to it by the identity provider — by abusing the social login mechanism.
A specific instance of this attack allowed an attacker to intrude into a Slashdot user account by using the “Sign In With LinkedIn” service. It should be noted that LinkedIn responded quickly and fixed this vulnerability after the attack was disclosed. Once logged in, the attacker has complete access to the victim’s account. For example, the attacker could access the victim’s private information and impersonate him or her.
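The submission describes a logic flaw in how a relying website acts on an identity assertion, but not the specific check that failed. The following is an added illustration, not code from IBM X-Force, Slashdot or LinkedIn: it simulates a relying website's account-linking step and contrasts a weak version, which matches an existing local account on the asserted e-mail address alone, with a hardened version that only links on a provider-scoped subject id already on file, or on an address the provider explicitly marks as verified. The provider name, claim fields and account store are all constructed for the example.

```python
"""Relying-party account linking for social login: weak vs. hardened check.

Constructed example. The identity provider, the assertion fields and the
account store are simulated; no real provider API is used.
"""
from dataclasses import dataclass, field


@dataclass
class Assertion:
    """What a relying website receives from an identity provider after login."""
    provider: str          # e.g. "provider-x" (constructed name)
    subject: str           # stable, provider-scoped user id
    email: str
    email_verified: bool   # whether the provider vouches for the address


@dataclass
class AccountStore:
    by_email: dict = field(default_factory=dict)  # lowercase email -> account id
    linked: dict = field(default_factory=dict)    # (provider, subject) -> account id
    audit: list = field(default_factory=list)     # events a SOC would want to see


def login_weak(store: AccountStore, a: Assertion):
    """Weak: any assertion whose e-mail matches a local account logs into it.

    The relying site trusts the address without asking whether the provider
    ever confirmed that the person controls it.
    """
    acct = store.by_email.get(a.email.lower())
    if acct is not None:
        store.linked[(a.provider, a.subject)] = acct
    return acct


def login_hardened(store: AccountStore, a: Assertion):
    """Hardened: link on an existing (provider, subject) pair first.

    A never-before-seen provider identity may be attached to a local account
    only when the provider asserts the address as verified; otherwise the
    login is refused and an audit event is recorded, since an unverified
    address colliding with an existing account is exactly the signal to watch.
    """
    key = (a.provider, a.subject)
    if key in store.linked:
        return store.linked[key]          # returning user, nothing to decide
    acct = store.by_email.get(a.email.lower())
    if acct is None:
        return None                       # no local account; sign-up flow elsewhere
    if not a.email_verified:
        store.audit.append(("unverified_email_collision", a.provider, a.email))
        return None                       # require proof of address before linking
    store.linked[key] = acct
    store.audit.append(("linked", a.provider, a.subject, acct))
    return acct


def demo():
    """Run both checks against a spoofed (unverified) and a verified assertion."""
    victim = "victim@example.com"                                  # constructed
    spoof = Assertion("provider-x", "attacker-sub", victim, email_verified=False)
    real = Assertion("provider-x", "victim-sub", victim, email_verified=True)

    weak_store = AccountStore(by_email={victim: "acct-42"})
    hard_store = AccountStore(by_email={victim: "acct-42"})

    weak_result = login_weak(weak_store, spoof)        # "acct-42": takeover
    hard_spoof = login_hardened(hard_store, spoof)     # None: refused, audited
    hard_real = login_hardened(hard_store, real)       # "acct-42": legitimate link
    # Once linked, the subject id is authoritative even if the e-mail changes.
    later = Assertion("provider-x", "victim-sub", "new@example.com", True)
    hard_later = login_hardened(hard_store, later)
    return weak_result, hard_spoof, hard_real, hard_later, hard_store.audit


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The audit list is the detection hook: a burst of `unverified_email_collision` events for a single address, or across many addresses from one provider, is worth an alert, and the linking decision itself should be logged so that account-takeover investigations can reconstruct when and how each provider identity was attached.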